<?php
include('header.php');
$n1 = rand(1, 9);
$n2 = rand(1, 9);

if(isset($_GET['hash']) && $_GET['hash'] > 0 && is_numeric($_GET['hash'])){
	$pass1 = $_POST['pass1'];
	$pass2 = $_POST['pass2'];
	$hash = $db->EscapeString($_GET['hash']);
	$rec = $db->FetchArray($db->Query("SELECT id,login,email FROM `users` WHERE `rec_hash`='".$hash."' LIMIT 1"));
	
	if($rec['id'] != ''){
		if(isset($_POST['change'])) {
			$nr1 = base64_decode($_POST['nr1']);
			$nr2 = base64_decode($_POST['nr2']);
			if($nr1 + $nr2 != $_POST['captcha']){
				$mesaj = '<div class="error">ERROR: Security answer is wrong!</div>';
			}elseif (!checkPwd($pass1,$pass2)) {
				$mesaj = '<div class="error">ERROR: Passwords do not match!</div>';
			}else{
				$passc = MD5($pass1);
				$db->Query("UPDATE `users` SET `pass`='".$passc."', `rec_hash`='0' WHERE `email`='".$rec['email']."'");
				$mesaj = "<div class=\"success\">Password was successfully changed!</div>";
			}
		}
?>
<div class="block medium right">
			<div class="top">
                  <h1>Change Password</h1>
            </div>
			<div class="content"><div class="msg"><?echo $mesaj;?></div>
			<form id="form" method="post">
				<input type="hidden" name="nr1" value="<? echo base64_encode($n1); ?>" />
				<input type="hidden" name="nr2" value="<? echo base64_encode($n2); ?>" />
				<fieldset>
					<p>
						<label>New Password</label>
 						<input class="text big" name="pass1" type="password" value="" required="required" />
					</p>
					<p>
						<label>Repeat Password</label>
 						<input class="text big" name="pass2" type="password" value="" required="required" />
					</p>
					<p>
						<label><?=($n1." + ".$n2." = ?")?></label>
 						<input class="text big" name="captcha" type="text" value="" required="required" />
					</p>
					<p style="text-align: center; padding-top: 15px;">
					<input class="gbutton" type="submit" name="change" value="Submit" />
					</p>
				</fieldset>
			</form>
		</div>
	</div>
<?
	}
}else{

if(isset($_POST['send'])) {
	$nr1 = base64_decode($_POST['nr1']);
	$nr2 = base64_decode($_POST['nr2']);
	$email = $db->EscapeString($_POST['email']);
	$rec = $db->FetchArray($db->Query("SELECT id,login FROM `users` WHERE `email`='".$email."'"));

	if($nr1 + $nr2 != $_POST['captcha']){
		$mesaj = '<div class="error">ERROR: Security answer is wrong!</div>';
	}elseif($_POST['email'] == ""){
		$mesaj = '<div class="error">ERROR: Please enter your email address!</div>';
	}elseif($rec['login'] == ""){
		$mesaj = '<div class="error">ERROR: Email address is not registered in our database.!</div>';
	}else{
		$newhash = rand(1000000,9999999);
		$db->Query("UPDATE `users` SET `rec_hash`='".$newhash."' WHERE `email`='".$email."'");
		
		$subject ="Password";
		$message="Hello {$rec['login']},

You asked for password recovery.
Your new password is: {$site['site_url']}/recover.php?hash={$newhash}

Best Regards!";
		$header="From: {$site['site_email']} <{$site['site_email']}>";
		$send_contact=mail($email,$subject,$message,$header);
		$mesaj = "<div class=\"success\">Success! An email was sent!</div>";
	}
}?>
<div class="block medium right">
			<div class="top">
                  <h1>Recover Password</h1>
            </div>
			<div class="content"><div class="msg"><?echo $mesaj;?></div>
			<form id="form" method="post">
				<input type="hidden" name="nr1" value="<? echo base64_encode($n1); ?>" />
				<input type="hidden" name="nr2" value="<? echo base64_encode($n2); ?>" />
				<fieldset>
					<p>
						<label>Email</label>
 						<input class="text big" name="email" type="email" value="" required="required" />
					</p>
					<p>
						<label><?=($n1." + ".$n2." = ?")?></label>
 						<input class="text big" name="captcha" type="text" value="" required="required" />
					</p>
					<p style="text-align: center; padding-top: 15px;">
					<input class="gbutton" type="submit" name="send" value="Send" />
					</p>
				</fieldset>
			</form>
		</div>
	</div>
<?}
include('footer.php');?>